GDPR Notice
Scope and Applicability
This Data Protection and GDPR Notice describes how NGL LAW processes personal data for users of our website and services in the United States of America and, where applicable, for individuals located in the European Economic Area, the United Kingdom, and Switzerland. It complements, and does not replace, other service-specific disclosures or notices required by U.S. federal or state laws.
Where we process personal data of individuals in the EEA/UK/CH, we do so in accordance with the General Data Protection Regulation (GDPR) and analogous laws, in addition to applicable U.S. law. This Notice applies to data we collect online through our site and related services, including crypto market analytics, stock market insights, and account or communication features.
Data Controller and Contact Information
The data controller for personal data processed in connection with this website is:
Diane Caddy (d/b/a NGL LAW)
2000 E Rio Salado Pkwy, Tempe, AZ 85281, USA
Email: [email protected]
For any questions, requests, or complaints regarding this Notice or our data practices, please contact us using the email address provided above.
Categories of Personal Data We Process
Depending on your interactions with us, we may process the following categories of personal data:
- Identifiers and contact information (name, email address, account identifiers)
- Online identifiers and device data (IP address, device type, operating system, browser type, unique device IDs, approximate geolocation derived from IP)
- Usage data (pages viewed, links clicked, time spent, referring URLs, search queries, log files)
- Account and preference data (saved watchlists, alert settings, language or region preferences)
- Financial market interaction data (public blockchain wallet addresses you submit, tickers you follow, portfolio simulations you create); note that public blockchain addresses are inherently public on-chain
- Communications (support inquiries, feedback, survey responses)
- Marketing data (consents, opt-ins/opt-outs, campaign engagement)
We do not intentionally collect sensitive personal information (such as precise geolocation, health data, or government-issued IDs) through this site. If you choose to provide such data, we will handle it in accordance with this Notice and applicable law.
Sources of Personal Data
We obtain personal data directly from you (for example, when you submit forms or contact us), automatically through your use of the site (via cookies and similar technologies), and from service providers (such as analytics vendors or anti-fraud providers). We may also process public data you make available on the blockchain or other publicly accessible sources when you link or submit references to such information.
Purposes of Processing and Legal Bases
Purposes
- Operate, maintain, and improve our website, analytics dashboards, and features
- Provide content, insights, tutorials, and market intelligence
- Personalize your experience, including remembering preferences and watchlists
- Measure performance and analyze usage to develop new features and services
- Communicate with you regarding inquiries, updates, and administrative messages
- Provide marketing communications where permitted and with consent where required
- Detect, prevent, and investigate fraud, abuse, and security incidents
- Comply with legal obligations and enforce terms
Legal Bases under GDPR
- Consent (e.g., for certain analytics, cookies, and marketing)
- Performance of a contract or steps prior to entering into a contract (e.g., providing requested services or features)
- Legitimate interests (e.g., securing our services, improving functionality, audience measurement) balanced against your rights and freedoms
- Compliance with legal obligations (e.g., recordkeeping, responding to lawful requests)
Where we rely on consent, you may withdraw it at any time, without affecting the lawfulness of processing prior to withdrawal.
Cookies and Similar Technologies
We use cookies, web beacons, pixels, SDKs, and similar technologies to operate the site, remember preferences, perform analytics, and, where applicable, tailor content. Categories may include:
- Strictly necessary cookies (essential for core functionality and security)
- Functional cookies (enhanced features and preferences)
- Analytics cookies (usage measurement and performance)
- Advertising cookies (where used, to understand content engagement and, if applicable, deliver or measure advertising)
You can manage cookies via your browser settings. Where required by law, non-essential cookies will be used only with your consent. Some browsers and extensions support Global Privacy Control signals; see the section on Do Not Track and Global Privacy Control below.
Disclosures to Third Parties
We may disclose personal data to the following categories of recipients for the purposes described above:
- Service providers and processors (hosting, analytics, security, email delivery, customer support)
- Professional advisors (legal, compliance, accounting) under confidentiality obligations
- Authorities and regulators, where legally required or to protect rights and safety
- Successors in interest in connection with a merger, acquisition, or corporate reorganization, subject to this Notice
We require service providers to process personal data only on our instructions and to implement appropriate security measures.
International Transfers
We are based in the United States and your data may be transferred to, stored in, or otherwise processed in the U.S. and other jurisdictions that may not provide the same level of data protection as your home country. Where GDPR applies, we rely on appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) for international transfers, and will take supplementary measures where necessary.
Data Retention
We retain personal data for as long as necessary to fulfill the purposes described in this Notice, including to comply with legal, accounting, or reporting obligations, resolve disputes, and enforce agreements. Retention periods vary based on the type of data and our legal obligations. When data is no longer needed, we will delete or de-identify it in accordance with our policies and applicable law.
Security Measures
We implement administrative, technical, and physical safeguards designed to protect personal data, including access controls, encryption in transit where appropriate, and monitoring for abnormal activity. No system is entirely secure; we encourage you to use strong passwords, enable available security features, and promptly notify us of any suspected unauthorized activity.
Notice at Collection for California Consumers
We collect the categories of personal information described in the section “Categories of Personal Data We Process” for the business and commercial purposes listed in “Purposes of Processing and Legal Bases.” We disclose personal information to the categories of recipients listed in “Disclosures to Third Parties.” We do not use or disclose sensitive personal information for purposes other than those permitted by law. We retain personal information as described in “Data Retention.”
We do not sell personal information for monetary consideration. We may share personal information with third parties for cross-context behavioral advertising as defined by California law. You can opt out of sale/sharing by contacting us as described below and by enabling a recognized browser-based opt-out preference signal where supported.
Your Rights
GDPR Rights (EEA/UK/CH)
Subject to legal limitations, you have the right to:
- Access your personal data and obtain a copy
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”)
- Restrict processing in certain circumstances
- Data portability
- Object to processing based on legitimate interests and to direct marketing
- Withdraw consent where processing is based on consent
Because blockchain transactions and addresses may be publicly recorded on decentralized networks outside of our control, certain rights (like erasure) cannot be fully applied to on-chain records. We will honor your rights to the fullest extent possible for data we control.
U.S. State Privacy Rights
Depending on your state (e.g., California, Colorado, Connecticut, Virginia, Utah), you may have rights to:
- Know/access the categories and specific pieces of personal information we have collected
- Delete personal information, subject to exceptions
- Correct inaccurate personal information
- Opt out of sale or sharing for cross-context behavioral advertising and certain profiling
- Receive information about our data practices at or before collection
- Non-discrimination for exercising your rights
Exercising Your Rights and Verification
To exercise your rights, please contact us at [email protected] with your request and sufficient information to verify your identity and locate your data (such as email address and a description of your interaction with our site). Authorized agents may submit requests on behalf of California residents if they provide proof of authorization and we can verify the consumer’s identity.
Appeals
If we decline to act on a request, you may appeal by replying to our decision or emailing us with the subject line “Privacy Request Appeal.” We will inform you in writing of any action taken or not taken in response to an appeal and our reasons.
Children’s Privacy
Our services are not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you are a resident of the EEA/UK, we do not knowingly process personal data of children under the age at which consent is valid in your country without appropriate authorization. If you believe a child has provided us personal data, please contact us to request deletion.
Do Not Track and Global Privacy Control
Some browsers include a Do Not Track (DNT) feature. Because there is no common industry standard for responding to DNT signals, we do not currently respond to DNT. We will, however, endeavor to honor browser-based opt-out signals (such as Global Privacy Control) where legally required for opting out of sale/sharing.
Do Not Sell or Share Personal Information
You may opt out of the sale or sharing of your personal information (as those terms are defined by applicable law) by contacting us at [email protected] and by enabling an applicable browser-based opt-out signal. We will not discriminate against you for exercising your privacy rights.
Automated Decision-Making and Profiling
We do not engage in automated decision-making that produces legal or similarly significant effects on individuals. We may use analytics to understand engagement and improve services, but we do not make decisions that have legal effects based solely on automated processing.
Financial Information and Trading Data
We provide market data, analytics, and educational content. We do not require you to submit payment card numbers through this site. If you choose to link or input public blockchain wallet addresses or create simulated portfolios, be aware that blockchain transactions are public and immutable; exercise caution when sharing addresses and transaction details.
Updates to This Notice
We may update this Notice to reflect changes in our practices, technologies, or legal requirements. The updated version will be indicated by a revised “Last Updated” date. Material changes will be communicated through our website or by direct notice where appropriate.
How to Contact Us
If you have questions about this Notice, our privacy practices, or wish to exercise your rights, contact:
Diane Caddy (d/b/a NGL LAW)
2000 E Rio Salado Pkwy, Tempe, AZ 85281, USA
Email: [email protected]
Effective Date: 2025-09-30
